Does siloed risk management work in a connected world?
With the world increasingly connected, the effectiveness of traditional approaches to risk management is being thrown into question. More often than not, dedicated risk management departments work in silos to identify and mitigate a whole array of physical and cyber risks, but is that fair, and is it adequate?
When risks are multiplying and their complexity is growing, especially in the virtual space, compartmentalising risk managers is a sure-fire way to prevent them from fully understanding the true scope of threats. As such, risk management has to evolve and become a responsibility of all departments to meet the modern requirements of the hyper-connected world.
Embracing a more connected approach
As with any field, risk management and its processes must constantly progress to protect organisations from potentially damaging reputational and financial consequences. In the face of today’s complex risk landscape, it’s time businesses embrace cross-departmental collaboration to identify and minimise a whole array of risk dimensions. From economic, political and regulatory to sustainability, health and safety and data privacy, all risks must be managed cross-departmentally, with every stakeholder aligned to ensure full understanding and the best outcome.
Cyber risk is a good example to look at as it shouldn’t only be the responsibility of a CISO. As almost every department uses technology and handles some form of data, managing cyber risk must be shared across the business. It’s vital the whole organisation buys into that responsibility and understands their role in protecting the business. This is important as the shift to hybrid and remote working models combined with the adoption of new technologies and connecting IoT devices means more vulnerabilities to exploit. The task of keeping critical data and systems safe should never just be in the hands of one person.
Connecting disparate functions is critical to understanding interrelationships between different departments and identifying shared risks. Such a cross-divisional lens is essential to preventing one risk from having a series of negative impacts on other departments. It ensures a crucial alignment between the identified risks and the wider business strategy, in turn creating a more dynamic and agile response to the changing risk landscape.
Implications on customer experience
When embracing new, more collaborative risk management approaches, organisations need to consider how the changes can impact customer expectations and experience. Striking the right balance between risk management decision-making and meeting customer demands is key. With enterprises increasingly adopting new technologies, data and cyber risk is once again a good example to illustrate the point.
For some customers, it may be important to see and feel the security layers. However, for others, their prominence can come second to the speed, convenience and usability of a product. Most people are likely to be okay with layers of security in their banking applications to protect their money but may not be so accepting of the same protocols to read their favourite e-book, or listen to their music on streaming platforms. The trouble with getting the balance wrong is that businesses risk introducing unnecessary risk, potentially damaging their reputation and their relationships with customers. Worst case scenario, both.
In the area of physical security, again we can see divergence of approach. Physical security is at the top of the list for organisations wishing to house their IT infrastructure in data centre colocation facilities like Telehouse. Colocating enterprises actively ask to see clear security measures such as access controls, perimeter fencing and CCTV, and are happy to go through strict protocols to keep their equipment safe. However, if we were to ask an individual on their way to the supermarket to go through an access control protocol, we’re likely to see them turn around frustrated and annoyed. Whatever the scenario in risk management, there is simply no one-size-fits-all approach and it’s important this is recognised.
Unlocking new business opportunities
Risk management has always been a stress-inducing subject for many decision makers. It doesn’t have to be though. To help conquer the fears, we need to change how we approach conversations about risk in the boardroom. There is power in being open, passionate, curious, and in actively listening to employees’ views and opinions when it comes to pre-empting and mitigating risks. Modern risk management teams can help facilitate these vibrant discussions across the business. When they do, a whole world of new opportunities can open up.
For example, identifying ESG risks and action plans can actually help organisations gain a competitive edge. As they impact environmental management practices, working conditions, compliance with relevant laws and regulations, their significance cannot be overstated. Business leaders tend to see ESG and sustainability risks as needing strict controls, as getting it wrong can harm their reputation. And in part, that’s true. However, what many often fail to see is the opportunity to improve reputation, working practices, efficiencies, or even influence the regulatory landscape for the better. In turn, these can help differentiate the business amongst its competition.
Pushing regulations forward
Shifting away from traditional risk management approaches is revealing how much the current regulations are falling behind. Technology evolves much faster than regulators can keep pace with, which can often translate to a lack of clarity and divergent views. Delays in publishing guidance on how to safely implement new tools and not accidentally risk non-compliance can also cause confusion for organisations trying to navigate the legal environment.
However, this shouldn’t stop businesses from adopting new technologies as they search for increased efficiencies, greater agility and competitive advantage. The adoption of technological advancements can actually push regulators forward and accelerate the legislative progress in a way that benefits all parties. As most businesses have now begun digital transformation and innovation journeys, regulators consider how their input can impact initiatives and help the entire economy.
So, instead of fearing regulators and the discussions around risk management, it’s time businesses embrace a more proactive approach and collaboration to ensure the field is fit for the modern, hyper-connected world. Inclusivity and openness in risk management will help ensure all physical and cyber risks are understood, identified, mitigated and managed in the most effective way, without placing the burden on one individual, or one department. Abandoning the practice of siloed risk management will allow businesses to seize new opportunities, meet new customer expectations and give them the chance to shift the regulatory landscape forward for the whole industry to benefit from.
- Sarah Draper is General Counsel and Chief Risk Officer at Telehouse